How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How does DS (All versions) store password values?

Last updated Jun 15, 2021

The purpose of this article is to provide information on the password storage scheme formats used in DS. This information can help you understand the secureness of different schemes and how they compare. Additionally this information may be helpful if you have passwords hashed in another system and want to convert them for import into DS.

6 readers recommend this article

Overview

DS 7 introduces new password storage schemes, and also disables less secure and reversible schemes by default for improved security. See Default Security Settings for further information.

The password storage schemes that are enabled by default are as follows:

  • Bcrypt
  • PBKDF2-HMAC-SHA256
  • PBKDF2-HMAC-SHA512
  • SCRAM-SHA-256
  • SCRAM-SHA-512

Password storage scheme formats

The following table provides details of the password scheme formats in use in DS, where:

  • <digest> is the bytes returned from the relevant asymmetric hashing function.
  • <encrypted> is the bytes returned from the relevant symmetric encryption function.
  • <salt> is the salt bytes.
  • base64(...) is the standard base64 encoding of ...
  • "" surrounds literal characters in the password value.

Password Schemes 

Name Applicable versions Salt size (bytes) Key size (bits) Format
AES All ±   128 "{AES}" base64(<encrypted>)
Base64 All     "{BASE64}" base64(<password>)
Bcrypt * All 16   "{BCRYPT}" <digest>
Blowfish All ±   128 "{BLOWFISH}" base64(<encrypted>)
Clear All     "{CLEAR}" <password>

Crypt

  • UNIX **
  • MD5 ***
  • SHA256 ***
  • SHA2512 ***
 All

     

  • 2
  • 8
  • 8
  • 8
  

      

  • "{CRYPT}" <digest>
  • "{CRYPT}" "$1$" <digest>
  • "{CRYPT}" "$5$" <digest>
  • "{CRYPT}" "$6$" <digest>
MD5 Pre-DS 7     "{MD5}" base64(<digest>)
PBKDF2 (PBKDF2-HMAC-SHA1) All 16 (8 in pre-DS 7)   "{PBKDF2}" <iterations> ":" base64(<digest> <salt>)
PBKDF2-HMAC-SHA256 DS 7 and later 16   "{PBKDF2-HMAC-SHA256}" <iterations> ":" base64(<digest> <salt>)
PBKDF2-HMAC-SHA512 DS 7 and later 16   "{PBKDF2-HMAC-SHA512}" <iterations> ":" base64(<digest> <salt>)
PKCS5S2 (PKCS#5 V2.0 Scheme 2) **** All 16   "{PKCS5S2}" base64(<digest> <salt>)
RC4 Pre-DS 7 ±   128 "{RC4}" base64(<encrypted>)
Salted MD5 Pre-DS 7 8   "{SMD5}" base64(<digest> <salt>)
Salted SHA-1 All 16 (8 in pre-DS 7)   "{SSHA}" base64(<digest> <salt>)
Salted SHA-256 All 16 (8 in pre-DS 7)   "{SSHA256}" base64(<digest> <salt>)
Salted SHA-384 All 16 (8 in pre-DS 7)   "{SSHA384}" base64(<digest> <salt>)
Salted SHA-512 All 16 (8 in pre-DS 7)   "{SSHA512}" base64(<digest> <salt>)
SCRAM-SHA-256 DS 7 and later     Refer to RFC 5802, RFC 5803 and RFC 7677 for further details on the format.
SCRAM-SHA-512 DS 7 and later     Refer to RFC 5802, RFC 5803 and RFC 7677 for further details on the format.
SHA-1 All     "{SHA}" base64(<digest>)
Triple-DES All ±   168 "{3DES}" base64(<encrypted>)

± Deprecated in DS 7

* This <digest> is OpenBSD's bcrypt implementation, which uses a custom base64 encoding. See bcrypt - A FutureAdaptable Password Scheme for further information.

** This is a traditional Unix algorithm (12-bit salt).

*** See Modular Crypt Format for further information.

**** See Atlassian’s PBKDF2-based Hash for further information.

See Password Storage Scheme for details of what properties are allowed for each scheme.

Example Using Salted SHA-1

The following Java 11 code breaks apart a password hashed using the Salted SHA-1 scheme. The SHA-1 algorithm always returns 20 bytes, and the example code works successfully with passwords encoded with different size salts:

package org.example; import java.util.Arrays; import java.util.Base64; public class Demo {    static final int SHA_ALGORITHM_SIZE = 20; // Number of bytes returned from a SHA-1 hash     static final String PREFIX = "{SSHA}"; // Salted SHA-1 prefix     public static void main(String[] args)     {         var original = "{SSHA}jDgrs5iv+guDhuU9tuWp3Y4NIMxJ8jb8Cd1uu8w/urdrRB5V"; // "secret"         var base64 = original.substring(PREFIX.length());         var bytes = Base64.getDecoder().decode(base64);         var hashBytes = Arrays.copyOfRange(bytes, 0, SHA_ALGORITHM_SIZE);         var saltBytes = Arrays.copyOfRange(bytes, SHA_ALGORITHM_SIZE, bytes.length);         System.out.println("Hash length = " + hashBytes.length);         System.out.println("Salt length = " + saltBytes.length);     } }

See Also

FAQ: Passwords in DS

Password Storage

Related Training

N/A

Related Issue Tracker IDs

N/A
Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.